IA-8: Identification and Authentication (Non-Organizational Users)

NIST Baseline:  Low 

DIR Required By:  01/20/2023  

Review Date:  07/10/2024 

• Non-organizational users must be uniquely identified and authenticated before access is granted to an information resource as detailed in Control AC-2, Account Management.  
  • Non-organizational users must have an account sponsor as described in Control AC-2, Account Management. 
• As specified in Control AC-14, Permitted Actions Without Identification or Authentication, public websites, information kiosks and other situations where risk analysis demonstrates no need for individual accountability of users are exempt. 

---

References/Additional Resources

None.  See any applicable internal procedures.